<?php
include '../common.php';
$rule = [
	'password'  => ['kong','原密码不能为空'],
	'password1' => ['kong','新密码不能为空'],
	'password2' => ['kong','确定密码不能为空'],
];
$a = panduan($rule);
if($a['code'] == 0){
	exit($a['msg']);
}
$name      = trim($_SESSION['admin']);
$password  = md5(trim($_POST['password']));
$password1 = md5(trim($_POST['password1']));
$password2 = md5(trim($_POST['password2']));

$sql = "SELECT * FROM user where name = '$name'";
$row = select($sql,$DB);
if (trim($row[0]['password']) !==$password) {
	exit('原密码不正确');
}

if ($password === $password1 ) {
	exit('原密码和新密码不能一样');
}
if ($password1 !== $password2 ) {
	exit('两次密码不一样');
}
$sql = "UPDATE user SET password = ' " .$password1. " ' WHERE name = '$name'";
$row = update($sql,$DB);

if (!$row) {
	exit('密码修改不成功');
}
header("location:../logout.php",302);